code-423n4 / 2024-03-ondo-finance-findings


Fee on Transfer #336

Closed c4-bot-8 closed 6 months ago

c4-bot-8 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L278
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L388

Vulnerability details

[M-1] Clearly there is a fee on transfer on the OUSGInstantManager::_mint and OUSGInstantManager::_redeem functions

Description: The OUSGInstantManager::_mint and OUSGInstantManager::_redeem functions will charge a fee on the transfer, contrary to what was said in the docs. It should be clearly mentioned in the docs that there is a fee on transfer.

Impact: Breaking the functionality of the protocol, contrary to what was said in the docs. It just breaks the logic of the function and operates in a different way than what was said in the docs.

Proof of Concept: Every time a user or a role wants to call the mint or redeem functions (or any other function that calls the _redeem and _mint functions), they will be charged a fee.

Recommended Mitigation: Mention this thing in the docs and known issues, and modify and review the ERC20 token behaviors chart.

Assessed type

ETH-Transfer

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as insufficient quality report

3docSec commented 6 months ago

No impact stated other than not following the spec in docs

c4-judge commented 6 months ago

3docSec marked the issue as unsatisfactory: Insufficient proof